WhatsApp’s announcement last month that it would start sharing more user data, including phone numbers, with its parent Facebook didn’t go down well with many people. Now, a privacy regulator in Germany has taken particular exception to the update, demanding that the collection process is stopped and all gathered information be deleted.

The Hamburg Commissioner for Data Protection and Freedom of Information said Facebook is infringing data protection law by collecting user data from WhatsApp. Johannes Caspar ruled that the social network “neither has obtained an effective approval from the WhatsApp users, nor does a legal basis for the data reception exist.”

Germany isn’t the only place where the update is facing the wrath of privacy groups. The UK’s Information Commissioner’s Office is investigating the matter; the Electronic Privacy Information Center in the US has already filed a complaint with the FTC; and CNIL, France’s data protection authority, is monitoring the situation “with great vigilance.”

WhatsApp said the reason for the policy change was to test new features, such as the ability for businesses to communicate with customers, and to help the social network make better friend suggestions and deliver more relevant ads. It’s also said to “fight spam and abuse, and improve experiences across our services and those of Facebook and the Facebook family.” Users can opt out for ad-targeting purposes, but not out of all data sharing activities.

"This administrative order protects the data of about 35 million WhatsApp users in Germany," Caspar said. "It has to be their decision, whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."

Responding to the ruling, a Facebook spokesperson said: “Facebook complies with EU data protection law. We will work with the Hamburg DPA in an effort to address their questions and resolve any concerns.”